microg / GmsCore

Free implementation of Play Services
https://microg.org
Apache License 2.0
8.7k stars 1.74k forks source link

To pass SafetyNet... #1397

Closed C9Glax closed 3 years ago

C9Glax commented 3 years ago

I was able to pass SafetyNet basic and cts with Magisk installed (Only Basic Eval, not Hardware attested). Setup: Device: Xiaomi Mi 9T (Europe) ROM: ArrowOS (11, no GAPPS) Other software: MicroG, Magisk

Steps to reproduce:

  1. Flash Firmware, ROM and Magisk 2. Install MicroG (Core, Proxy, Store and DroidHelper) (from F-Droid)
  2. Setup Magisk (incl. Environment and reboot)
  3. On Magisk install Modules:
    • Riru
    • Riru EdXposed
    • microG Installer Revived (To install as system-app)
    • MagiskHide Props Config
  4. Reboot 6. Install kdrag0n Universal SafetyNet Fix with Magisk
  5. In EdXposed install "HiddenCore" Module 8. In a terminal-emulator use (su) props and replace the fingerprint with one that matches your security fix. (e.g. Android Q/R, just use a Google Pixel) Finally a step that requires a bit more attention:
  6. Download a custom DroidGuard (WARNING: This is not recommended, but has to be done, because MicroG DroidGuard crashes while checking)
  7. Replace /system/priv-app/DroidGuard/DroidGuard.apk with the downloaded apk.
  8. Uninstall the old DroidGuard (root uninstall required), reboot, and re-install with the replaced file.
  9. Don't forget to setup MicroG and enable SafetyNet!

Enjoy, and tell me if it works for you.

nift4 commented 3 years ago

HiddenCore fakes SafetyNet.

C9Glax commented 3 years ago

So what you are saying is that you actually don't need to fake props and use the custom DroidGuard?

Edit: You have to use custom DroidGuard.

nift4 commented 3 years ago

Nope, I say you should not use HiddenCore because actual apps that use SafetyNet will not work.

nift4 commented 3 years ago

I did run into that trap already...

C9Glax commented 3 years ago

You are right, and it annoys me -,-

GEkuL commented 3 years ago

@C9Glax hello there, could you help me with the issue?

I have almost the same story as you, but can't pass SafetyNet. Can you contact me please?

markone89 commented 2 years ago

@C9Glax hello there, could you help me with the issue?

I have almost the same story as you, but can't pass SafetyNet. Can you contact me please?

Same situation with POCO X3 pro, crdroid 7.13 (and any custom rom (microg lineageos, arrowOS, with magisk canary (with zygisk) or stable (riru), , If anyone can advise I would appreciate. Momo: Device is running a custom rom Safetynet check advice: RESTORE_FACTORY_ROM Any ideas?

ghost commented 2 years ago

The whole SafetyNet concept itself is a GMS based attestation. Remember that we're spoofing GMScore to be able to utilize their services. CTS is a security layer where it's been updated, improvised, & gets security vulnerabilities fixed on each monthly Android update. That's why even if you successfully attempt to do that, it'll probably fail back eventually.

markone89 commented 2 years ago

Thank you very much for your answer, and sorry for the late response. Now I'm understand the mechanism. :)

ale5000-git commented 2 years ago

Latest microG GmsCore pass SafetyNet.

D3SOX commented 2 years ago

Still fails for me. Using Lineage for microG on a OnePlus 8T + Magisk v24 (Zygisk enabled) Updated microG Services Core via F-Droid

Screenshot ![Screenshot_20220126-143828_microG_Services_Core.png](https://user-images.githubusercontent.com/24937357/151173014-a0e74c11-9e52-46ec-9da1-a3f35cf00da2.png)
Atemu commented 2 years ago

OP8T is rather new; are you even able to pass safetynet with real gapps with an unlocked bootloader?

ale5000-git commented 2 years ago

If the bootloader is unlocked the one that compile the ROM must include the patch to hide it (or use Magisk to hide it, probably there is a module for it). I'm able to pass it on Galaxy S2.

Try to test with this app: https://play.google.com/store/apps/details?id=org.freeandroidtools.safetynettest It should give a more detailed reply.

D3SOX commented 2 years ago

@Atemu Yes I think so, I haven't used Gapps in a while.

I tried https://github.com/kdrag0n/safetynet-fix/ and now it looks like this ![Screenshot_20220126-160552_microG_Services_Core.png](https://user-images.githubusercontent.com/24937357/151189287-d6f4df3d-8a24-4819-9d65-3b19fdfb4971.png)
With the other app ![Screenshot_20220126-160850_SafetyNet.png](https://user-images.githubusercontent.com/24937357/151189658-56a5a5da-6c3e-41ee-8af5-e29333ea10e7.png)

I can try backing up my stuff and see if I get safetynet with an unlocked bootloader + stock ROM + Magisk

ale5000-git commented 2 years ago

@D3SOX: You problem is specific to your phone, not general; so please open a separate issue to avoid confusion.

parcelcat commented 2 years ago

@D3SOX Installing MagiskHide Props Config and setting a certified device fingerprint should make SafetyNet pass the CTS profile match. (This applies to all devices that pass the basic integrity check, but not the CTS profile match.)

D3SOX commented 2 years ago

@D3SOX Installing MagiskHide Props Config and setting a certified device fingerprint should make SafetyNet pass the CTS profile match. (This applies to all devices that pass the basic integrity check, but not the CTS profile match.)

I tried that already setting it to the OnePlus 8T fingerprint, which one did you use? And should I have both SafetyNet Fix and Hide Props Config enabled at the same time? I had only one at a time enabled while testing it.

parcelcat commented 2 years ago

@D3SOX Yes, I need both packages at the same time to pass SafetyNet. I used the fingerprint that matched my device model, so I would expect the OnePlus 8T fingerprint to work for you.

D3SOX commented 2 years ago

@parcelcat Thank you. Now microG is good but the other app still complains

Screenshots ![Screenshot_20220128-082303_microG_Services_Core.png](https://user-images.githubusercontent.com/24937357/151504632-6f01ac38-2827-4f23-9a69-424103b1ed16.png) ![Screenshot_20220128-082311_SafetyNet_`attest`.png](https://user-images.githubusercontent.com/24937357/151504646-f99324f1-7f46-410c-93f3-246d268a7c1b.png)

Is there an app I can try that requires SafetyNet to run?

markone89 commented 2 years ago

I would like to make work on my poco x3 pro as in the past the following app: https://play.google.com/store/apps/details?id=hu.otpbank.mobile&hl=en&gl=US you can test registration not need to start the program. At the beginning you will fail to start the app if the phone is not compliant. If you will see the logon screen you passed :)

ale5000-git commented 2 years ago

I think that there is some issue with the latest version of SafetyNet Helper Sample.

I currently use this to test: https://play.google.com/store/apps/details?id=org.freeandroidtools.safetynettest https://m.apkpure.com/it/safetynet-test/org.freeandroidtools.safetynettest

D3SOX commented 2 years ago

@ale5000-git This app says I'm good to go :tada: Nice job @ everybody who was involved in making this happen.

ArchangeGabriel commented 2 years ago

@ale5000-git Yes, that is likely because the developer revoked his key after it has been used in this repository (https://github.com/microg/GmsCore/issues/1644). So the app need to be updated.

parcelcat commented 2 years ago

Glad it worked! For anyone who is looking for a SafetyNet testing app, I recommend YASNAC because it is ad-free and open source: https://play.google.com/store/apps/details?id=rikka.safetynetchecker

ghost commented 2 years ago

Latest microG GmsCore pass SafetyNet.

Wow is it really true? Tell me if it's DroidGuard or GMSCore itself...😅

JonnyTech commented 2 years ago

https://github.com/microg/GmsCore/releases/tag/v0.2.23.214816

v0.2.23.214816
Changelog
    SafetyNet / DroidGuard:
        Implement DroidGuard without additional helper.

No need for DroidGuard helper any more, just install GMSCore.

markone89 commented 2 years ago

Dears,

With the latest microg+magisk v24 (zygisk enforce list)+magisk hide props everything working pretty well :)

Thank you for all! :)

IngwiePhoenix commented 2 years ago

So I am a little stuck...

When I run YASNAC, the basic integrity passes but I am told that the CTS profile does not match.

Any idea how I could fix that? Thank you :)

D3SOX commented 2 years ago

So I am a little stuck...

  • Device: Razer Phone 2
  • OS: Lineage OS 18.1, no GAPPS
  • Magisk: 24.3
    • LSPosed: 1.8.0
    • FakeGApps: 3.0 via fork by whew-inc
    • USNF: 2.2.1
    • microG Installer Revived: 2.6.2-0 (microG Services Core 0.2.24.214816)

When I run YASNAC, the basic integrity passes but I am told that the CTS profile does not match.

Any idea how I could fix that? Thank you :)

Try installing MagiskHideProps and Universal SafetyNet Fix. I pass everything in YASNAC with them. Also I'd recommend using Lineage for microG instead of installing it via Magisk.

Atemu commented 2 years ago

To be more precise, you need to use MagiskHideProps to get a google-blessed device fingerprint. You won't pass CTS with a custom rom fingerprint.

In my case, I USF didn't actually do anything; I only needed to change my fingerprint.

IngwiePhoenix commented 2 years ago

So I am a little stuck...

  • Device: Razer Phone 2
  • OS: Lineage OS 18.1, no GAPPS
  • Magisk: 24.3

    • LSPosed: 1.8.0

    • FakeGApps: 3.0 via fork by whew-inc

    • USNF: 2.2.1

    • microG Installer Revived: 2.6.2-0 (microG Services Core 0.2.24.214816)

When I run YASNAC, the basic integrity passes but I am told that the CTS profile does not match. Any idea how I could fix that? Thank you :)

Try installing MagiskHideProps and Universal SafetyNet Fix. I pass everything in YASNAC with them. Also I'd recommend using Lineage for microG instead of installing it via Magisk.

That worked! Thanks for the hint, everything is passing now as it should.

ghost commented 2 years ago

Some points to consider:

  1. Your ROM should support signature spoofing. If not, you need to use LSPosed module with FakeGApps
  2. If your ROM is not safetynet patched, then you can flash kdrag0n's safetynet fix magisk module. If it's already patched, then you don't need it.
  3. Your ROM should spoof any official supported device fingerprint like Pixel 5, 4 XL, or any Redmi's fingerprint. If it did not, then you can try PixelProps module (redfin is recommended)
  4. If you don't intend to root your system at all, then the ROM you flash must satisfy the above three points out of the box. And you have to patch the vanilla version of that ROM with MinMicrog with any custom recovery, which'll work even without magisk.

Some other points which are false:

  1. No. Flashing magisk modules won't break your CTS.
  2. No. YASNAC or any other safetynet apps usually not needed or required. Microg now has it's own safetynet checker.
  3. No. MagiskHide is deprecated now. Update your magisk & enable Zygisk Denylist. Then add your apps into it that insist not to work due to root issues.
alfredonodo commented 2 years ago

Hi, I have a samsung s8+ with lineage os 19.1 (without gapps), microg (0.2.24), magisk (2.51), universal satefyNet Fix (2.3.1) and magiskHidePropsConfig (6.1.2). Unfortunately, I cannot pass the safetyNet test because the CTS profile does not match. What can I do? Thanks microG

ghost commented 2 years ago

@alfredonodo

microg (0.2.24)

How did you install microg ? On a fresh install, try minMicrog. Or microg_revived (magisk only)

magiskHidePropsConfig (6.1.2)

is outdated. Dev dropped it & you have to use something like Pixel Props.

alfredonodo commented 2 years ago

@alfredonodo

microg (0.2.24)

How did you install microg ? On a fresh install, try minMicrog. Or microg_revived (magisk only)

magiskHidePropsConfig (6.1.2)

is outdated. Dev dropped it & you have to use something like Pixel Props.

I installed microg via apk download from the official site. OK I will use Pixel Props.

ghost commented 2 years ago

I installed microg via apk download from the official site

You need to systemize it. Microg have issues on userspace side. Or better flash any of the 2 bundles I suggested above.

alfredonodo commented 2 years ago

I installed microg via apk download from the official site

You need to systemize it. Microg have issues on userspace side. Or better flash any of the 2 bundles I suggested above.

How can I systemize microg? Pixel Props does not support S8+.

Edit: I solved, thank you. I installed microG, magisk, universal satefyNet Fix and microG Installer.